Freeradius 2.1.12 Second LDAP Server
A.L.M.Buxey at lboro.ac.uk
Mon Sep 16 16:33:07 CEST 2013
Hi,
> Could not authenticate user Username%Password with plaintext password
> challenge/response password authentication succeeded
That's okay. It means you couldn't do PAP and only MSCHAPv2 worked. Expected for that command.
> In this step, I must edit the following line with this text in the file:
> /etc/freeradius/modules/mschap
>
> ntlm_auth = "/path/to/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name:-None}
> --domain=%{%{mschap:NT-Domain}:-MYDOMAIN}
> --challenge=%{mschap:Challenge:-00}
> --nt-response=%{mschap:NT-Response:-00}"
>
> But my default commented ntlm_auth looks like this:
>
> ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}}
> --challenge=%{%{mschap:Challenge}:-00}
> --nt-response=%{%{mschap:NT-Response}:-00}"
The docs and default values have separated over time.
> In my default ntlm_auth, the option
> "--domain=%{%{mschap:NT-Domain}:-MYDOMAIN}" is missing. Should I add it?
Depends on what you want to do and need to do. Do you TRUST your clients to be sending the correct
domain? I don't... so I've set the domain manually.
> $ radtest -t mschap bob hello localhost 0 testing123
> First Line:
> bob Cleartext-Password := "hello"
What's the users file got to do with anything? If you have clashing usernames you will have a few problems.
I expect you are trying to test your AD? The radtest failed due to incorrect password, i.e. the AD is not bob/hello.
I'd recommend using 'eapol_test' for better/advanced testing - it's part of the wpa_supplicant
package.
> @Mathieu
> Is there a current RADIUS-book that you can recommend?
"FreeRADIUS for beginners" is a good current book
alan
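
The two ways of passing the domain to ntlm_auth discussed in this message, written out as an added example (not part of the original message and not FreeRADIUS's shipped default). It assumes the `/usr/bin/ntlm_auth` path quoted above; `MYDOMAIN` is the placeholder from the thread and stands for the site's real domain name.

```conf
# /etc/freeradius/modules/mschap, inside the mschap { } block.
# Each ntlm_auth value must be on a single line in the real file.

# Variant A: the domain comes from the client's MS-CHAP identity and
# MYDOMAIN is used only as a fallback when the client sends none.
# The client decides which domain its credentials are checked against.
#ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"

# Variant B: the domain is fixed on the server, so nothing the client
# sends can change which domain ntlm_auth is asked to check.
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=MYDOMAIN --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
```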